My Mom built an analog ad blocker for her favorite tablet game and while I cannot stop laughing, I'm also hella proud of her. Go Mom! Stick it to the man!
The reply to this is a fair point: downgrade to a pre-5.6.0 version regardless. It's too soon to know if this exploit path is the only one present.
@arielmt Honestly, i'd say it's better to downgrade regardless.
Basically, if you have xz-5.6.0 or xz-5.6.1 installed on Linux, downgrade to an earlier version of xz.
If you use an older version of xz, don't use Linux, or somehow do use Linux *without* systemd, you should be fine.
I love how the xz backdoor hinges on Poettering's Daemon in order to work.
The Register
Headline: "Malicious SSH backdoor sneaks into xz, Linux world's data compression library"
Byline: "Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES"
https://www.theregister.com/2024/03/29/malicious_backdoor_xz/
this rules, actually. this is direct action https://wandering.shop/@johnpettigrew/112172716984340737
For those of you who use LLMs to help you code, here's a warning: these tools have been shown to hallucinate packages in a way that allows an attacker to poison your application. https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/ #ai #gpt #chatgpt #security
✨ Kind 'Net Help Desk fairy by day. ✨
✨ Weird & furry Unix fairy by night. ✨
✨ Sometimes a retrocomputer fairy. ✨
✨ Pays the ComputerFairi.es bills. ✨
✨ Sparkly✨shellscript✨princess. ✨
✨ Age: Mere days younger than ✨
✨ the Intel 4004 & Unix 1st Edition. ✨
✨ Follow requests welcome. ✨
✨ ✨